Seiko USA Website Defaced Hacker Claims Customer Data Theft
Seiko USA Website Defaced 🚨
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the “Press Lounge” section of the site were shown a page titled “HACKED,” which replaced normal content with what appeared to be a ransom demand and data breach notification.
The message warned that attackers had gained access to the company’s Shopify backend and exfiltrated sensitive customer information. The defaced webpage stated, “This is an urgent security notification regarding your Shopify store. Your customer database has been compromised.” The threat actors further claimed, “We have successfully breached your Shopify store’s security systems and downloaded the entire customer database.”
Stolen Data 📊
The threat actors claim the stolen data contains the following information:
- Customer Information: Names, email addresses, phone numbers
- Order History: Purchase records, transaction details
- Shipping Data: Addresses, shipping preferences
- Account Details: Account creation dates, customer notes
The attackers warn that the stolen data will be publicly released unless Seiko USA enters into negotiations. As part of the demand, they instructed the company to locate a specific customer account, identified as ID 8069776801871, within the Shopify admin panel. The threat actors say that a contact email address was added to that account profile and should be used to initiate negotiations. The defacement further warned that Seiko USA had 72 hours to contact them or the alleged database would be published.
BleepingComputer has not been able to determine what threat actor is behind the attack and whether their claims are legitimate. Seiko USA has not publicly confirmed or responded to BleepingComputer emails about the incident, but has since removed the extortion message from the website.